Security Programmer Writer
Our client is currently seeking a Security Programmer Writer (Open Source) to join their team for a remote position. The candidate will join the Security Lab and will contribute to the curation of our Advisory Database.
Scope of Activity and Responsibilities:
1. Conduct code reviews (must be able to read code/no actual coding required)
2. Analyze vulnerability reports to address the problems of vulnerability uniqueness, transparency and disclosure
3. Apply Open Source software experience to role
4. Manage the content within the Advisory Database, what source data is ingested from the Database, and which standards are followed for the advisories in the ingested datasets. Vulnerability information shared in the database powers many open-source tools, including Dependabot and npm-audit.
5. Maintain the completeness and correctness of the data within the Advisory Database
6. Review, curate and publish security advisories, including their descriptions, affected product data, severity, and more using our curation tooling
- Strong understanding of common software vulnerabilities and knowledge of secure code principles, including common versioning schemes
- Strong understanding of open-source software development and packaged software
- Familiarity with Git and other version control software
- Strong written and verbal communication skills and strong technical writing skills
- Minimum 3+ years of experience in the field of information security, system administration, or open-source software maintenance
- Familiarity with vulnerability analysis, vulnerability trends, and using common vulnerability metrics (CVSS, CWE)
- Familiarity with evaluating risk, impact, and severity of a vulnerability
- Experience performing code reviews
- Previous experience using open-source software and strong interest in open source security
- Previous experience in the software security domain is a big plus, though other relevant experience will be considered as well
- Must be self-motivated, as well as highly organized
- Must have worked either within or with engineers in the security / product security space
We will consider for employment all qualified applicants, including those with criminal histories, arrest, and conviction records in a manner consistent with the requirements of applicable state and local laws. This includes the City of Los Angeles Fair Chance Initiative for Hiring Ordinance as well as the San Francisco Fair Chance Ordinance.
W2 only, no Corp to Corp. We are unable to sponsor H1B visas at this time.
**eXcell™ Supports Equal Employment Opportunity**
eXcell™, a division of CompuCom® Systems, Inc., a global company headquartered in Bellevue, Washington, provides IT staffing services and solutions to Fortune 1000 companies as well as small and medium businesses. For more information, visit www.excell.com.